SpringBoot安全性:在角8中显示登录页面时的问题

Question

我正在为我的项目实现登录功能。在前端，我使用的是角8，我是这样实现的，所以角8和Springboot运行在同一个端口8090上。

我的路线是

const routes: Routes = [
  { path: '', component: EmployeeComponent,canActivate:[AuthGaurdService] },
  { path: 'addemployee', component: AddEmployeeComponent,canActivate:[AuthGaurdService]},
  { path: 'login', component: LoginComponent },
  { path: 'logout', component: LogoutComponent,canActivate:[AuthGaurdService] },
];

Java :我已经将其设置为允许所有/login请求

WebSecurityConfig

 @Override
    protected void configure(HttpSecurity httpSecurity)
        throws Exception
    {
        // We don't need CSRF for this example
        httpSecurity.csrf().disable()
            // dont authenticate this particular request
            .authorizeRequests().antMatchers("/login").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll().anyRequest().authenticated().and().
            // make sure we use stateless session; session won't be used to
            // store user's state.
            exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Add a filter to validate the tokens with every request
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}

但是，在调用localhost:8090/登录时，我仍然要面对浏览器。

白线错误页此应用程序没有/error的显式映射，因此您认为这是一种退步。

2010年2月26日14:42:50发生了一个意想不到的错误(type=Not Found，status=404)。没有可用的消息

在后端，我面临着

2020-02-26 14:30:44.045警告5184 -- nio-8090-exec-1 org.freelancing.utils.JwtRequestFilter : JWT令牌不以比勒字符串2020-02-26 14:42:49.945警告5184 - nio-8090-exec-3 org.freelancing.utils.JwtRequestFilter : JWT令牌开始于比勒字符串2020-02-26 14:42:51.287警告5184 -nio- nio-8090-exec-4 org.freelancing.utils.JwtRequestFilter : JWT令牌不以比勒字符串开头。

我想它就在这个街区里

@Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain)
        throws ServletException,
        IOException
    {
        final String requestTokenHeader = request.getHeader("Authorization");
        String username = null;
        String jwtToken = null;
        // JWT Token is in the form "Bearer token". Remove Bearer word and get
        // only the Token
        if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer "))
        {
            jwtToken = requestTokenHeader.substring(7);
            try
            {
                username = jwtTokenUtil.getUsernameFromToken(jwtToken);
            }
            catch (IllegalArgumentException e)
            {
                System.out.println("Unable to get JWT Token");
            }
            catch (ExpiredJwtException e)
            {
                System.out.println("JWT Token has expired");
            }
        }
        else
        {
            logger.warn("JWT Token does not begin with Bearer String");
        }
        // Once we get the token validate it.
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null)
        {
            UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
            // if token is valid configure Spring Security to manually set
            // authentication
            if (jwtTokenUtil.validateToken(jwtToken, userDetails))
            {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                    new UsernamePasswordAuthenticationToken(userDetails, null,
                                                            userDetails.getAuthorities());
                usernamePasswordAuthenticationToken
                    .setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                // After setting the Authentication in the context, we specify
                // that the current user is authenticated. So it passes the
                // Spring Security Configurations successfully.
                SecurityContextHolder.getContext()
                    .setAuthentication(usernamePasswordAuthenticationToken);
            }
        }
        chain.doFilter(request, response);
    }

我需要的是呈现登录页面，然后获取凭证并创建header.But，即使在命中localhost:8090/login时，它在上面的代码中请求标题，因为标题为null，也就是说，我收到了错误：

JWT令牌不以Bearer开头

LoginComponent

<div class="container">
  <div>
    User Name : <input type="text" name="username" [(ngModel)]="username">
    Password : <input type="password" name="password" [(ngModel)]="password">
  </div>
  <button (click)=checkLogin() class="btn btn-success">
    Login
  </button>
</div>

新来的保安人员，请帮忙

Answer 1

我想你的角度应用程序在调用它时根本不会显示出来。您不应该尝试在同一台机器上的同一端口上运行两个不同的服务，因为您的浏览器将无法不同您的请求应该得到的服务。

目前，您正在向您的API (URL：*/登录)发送一个GET请求，您可能还没有设置这个请求。因此，您将在错误消息中获得404，但您希望请求被定向到您的角度应用程序以显示您的应用程序(例如，登录掩码)。